[Bug 1042] New: Signed jnlp file is not checked and validated if the main jar is brought in through an external jnlp file

bugzilla-daemon at icedtea.classpath.org bugzilla-daemon at icedtea.classpath.org
Fri Jun 8 08:32:49 PDT 2012 

http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1042

          Priority: P3
            Bug ID: 1042
                CC: unassigned at icedtea.classpath.org
          Assignee: smohammad at redhat.com
           Summary: Signed jnlp file is not checked and validated if the
                    main jar is brought in through an external jnlp file
          Severity: normal
    Classification: Unclassified
                OS: Linux
          Reporter: smohammad at redhat.com
          Hardware: x86_64
            Status: NEW
           Version: unspecified
         Component: Plugin
        Depends on: 1040
           Product: IcedTea-Web

Created attachment 708
  --> http://icedtea.classpath.org/bugzilla/attachment.cgi?id=708&action=edit
Reproducer

In cases where the main jar is brought in through an external jnlp file (using
extensions), a signed jnlp file is not being checked and validated. The signed
jnlp file within the main jar should be compared to the jnlp file that has the
main jar as it's resource (so the external jnlp file, not the main launching
jnlp file).

I have attached a reproducer to test this. When the application is to be
launched, it _should_ throw an exception since the signed jnlp file does not
match the external jnlp file.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120608/b643c06f/attachment.html

More information about the distro-pkg-dev mailing list